| Description: | crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by executing a crafted sequence of system calls. It was discovered that the parallel cryptography component of the Linux kernel incorrectly freed kernel memory. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
|